Multiple vulnerabilities in SLUB: Event Registration extension for TYPO3



Published: 2019-10-15 | Updated: 2024-03-06
Risk High
Patch available YES
Number of vulnerabilities 3
CVE-ID CVE-2019-16700
CVE-2019-11358
CVE-2015-2531
CWE-ID CWE-434
CWE-1321
CWE-79
Exploitation vector Network
Public exploit Public exploit code for vulnerability #2 is available.
Vulnerable software
Subscribe
SLUB: Event Registration
Web applications / Modules and components for CMS

Vendor TYPO3

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Arbitrary file upload

EUVDB-ID: #VU21799

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-16700

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the affected software allows to upload arbitrary files to the webserver. A remote attacker can upload and execute arbitrary file on the server (For versions 1.2.2 and below) or cause a denial of service (DoS) condition, since the webspace can be filled up with arbitrary files (versions later than 1.2.2).

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

SLUB: Event Registration: 1.0.7 - 3.0.2

External links

http://typo3.org/security/advisory/typo3-ext-sa-2019-017/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Prototype pollution

EUVDB-ID: #VU18092

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-11358

CWE-ID: CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes (\'Prototype Pollution\')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

SLUB: Event Registration: 1.0.7 - 3.0.2

External links

http://typo3.org/security/advisory/typo3-ext-sa-2019-017/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Cross-site scripting

EUVDB-ID: #VU8435

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-2531

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015. A remote attacker can trick the victim to follow a specially specially crafted link and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from the vendor's website.

Vulnerable software versions

SLUB: Event Registration: 1.0.7 - 3.0.2

External links

http://typo3.org/security/advisory/typo3-ext-sa-2019-017/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###